Redhat Libvirt

73 matches found

added 2019/07/30 11:15 p.m., 400 views

CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use ...

8.8 CVSS, 8 AI score, 0.00073 EPSS

added 2023/07/24 4:15 p.m., 380 views

CVE-2023-3750

A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to cras...

6.5 CVSS, 5.6 AI score, 0.00106 EPSS

added 2020/10/06 2:15 p.m., 363 views

CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with li...

7.2 CVSS, 6.6 AI score, 0.00097 EPSS

added 2019/08/02 1:15 p.m., 333 views

CVE-2019-10167

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients c...

8.8 CVSS, 7.8 AI score, 0.00046 EPSS

added 2020/12/03 5:15 p.m., 283 views

CVE-2020-14339

A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of th...

8.8 CVSS, 8.1 AI score, 0.00066 EPSS

added 2019/08/02 1:15 p.m., 252 views

CVE-2019-10168

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabili...

8.8 CVSS, 7.6 AI score, 0.00063 EPSS

added 2019/08/02 1:15 p.m., 242 views

CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local at...

7.8 CVSS, 7.4 AI score, 0.00025 EPSS

added 2020/04/28 8:15 p.m., 229 views

CVE-2020-12430

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users...

6.5 CVSS, 6 AI score, 0.00717 EPSS

added 2020/03/19 2:15 a.m., 222 views

CVE-2019-20485

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

5.7 CVSS, 5.7 AI score, 0.00203 EPSS

added 2022/03/02 11:15 p.m., 207 views

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and...

6.3 CVSS, 6.2 AI score, 0.00044 EPSS

added 2019/03/27 1:29 p.m., 188 views

CVE-2019-3840

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

6.3 CVSS, 5.6 AI score, 0.00752 EPSS

added 2024/03/18 1:15 p.m., 188 views

CVE-2024-2496

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of serv...

5.5 CVSS, 5.4 AI score, 0.00037 EPSS

added 2019/05/22 6:29 p.m., 179 views

CVE-2019-10132

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the ...

8.8 CVSS, 6.6 AI score, 0.01212 EPSS

added 2020/06/02 1:15 p.m., 179 views

CVE-2020-10703

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like...

6.5 CVSS, 6.3 AI score, 0.0068 EPSS

added 2019/04/04 4:29 p.m., 175 views

CVE-2019-3886

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

5.4 CVSS, 5.4 AI score, 0.00525 EPSS

added 2022/03/25 7:15 p.m., 170 views

CVE-2022-0897

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. T...

4.3 CVSS, 4.4 AI score, 0.00051 EPSS

added 2022/08/23 8:15 p.m., 155 views

CVE-2021-3975

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down....

6.5 CVSS, 6.2 AI score, 0.00273 EPSS

added 2018/01/25 4:29 p.m., 152 views

CVE-2018-5748

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

7.5 CVSS, 5.8 AI score, 0.01625 EPSS

added 2021/05/27 8:15 p.m., 151 views

CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml...

6.5 CVSS, 6.8 AI score, 0.00264 EPSS

added 2023/05/15 10:15 p.m., 136 views

CVE-2023-2700

A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.

5.5 CVSS, 5.4 AI score, 0.0003 EPSS

added 2022/03/02 11:15 p.m., 133 views

CVE-2021-3667

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited AC...

6.5 CVSS, 6.2 AI score, 0.00302 EPSS

added 2018/02/23 5:29 p.m., 128 views

CVE-2018-6764

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

7.8 CVSS, 6.5 AI score, 0.00038 EPSS

added 2018/03/28 6:29 p.m., 123 views

CVE-2018-1064

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.

7.5 CVSS, 6.3 AI score, 0.01625 EPSS

added 2017/10/31 3:29 p.m., 119 views

CVE-2017-1000256

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

8.1 CVSS, 7.6 AI score, 0.00778 EPSS

added 2022/03/25 7:15 p.m., 103 views

CVE-2021-4147

A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.

6.5 CVSS, 6.2 AI score, 0.00057 EPSS

added 2016/07/13 3:59 p.m., 88 views

CVE-2016-5008

libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.

9.8 CVSS, 7.4 AI score, 0.02531 EPSS

added 2011/08/10 8:55 p.m., 86 views

CVE-2011-2511

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.

4 CVSS, 7.6 AI score, 0.02832 EPSS

added 2024/08/30 5:15 p.m., 83 views

CVE-2024-8235

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced....

6.2 CVSS, 6.2 AI score, 0.00106 EPSS

added 2014/01/24 6:55 p.m., 82 views

CVE-2013-6458

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (li...

6.8 CVSS, 8 AI score, 0.00779 EPSS

added 2013/10/03 9:55 p.m., 81 views

CVE-2013-4311

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288...

4.6 CVSS, 8.2 AI score, 0.00033 EPSS

added 2014/08/03 6:55 p.m., 81 views

CVE-2014-0179

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, re...

1.9 CVSS, 7.6 AI score, 0.00114 EPSS

added 2013/02/08 8:55 p.m., 80 views

CVE-2013-0170

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by trig...

6.8 CVSS, 7.5 AI score, 0.2022 EPSS

added 2016/04/11 9:59 p.m., 80 views

CVE-2015-5313

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files v...

2.5 CVSS, 4.9 AI score, 0.00057 EPSS

added 2019/04/18 4:29 p.m., 79 views

CVE-2016-10746

libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.

7.5 CVSS, 5.5 AI score, 0.00559 EPSS

added 2011/03/15 5:55 p.m., 78 views

CVE-2011-1146

libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToS...

6.9 CVSS, 8 AI score, 0.01284 EPSS

added 2011/05/31 8:55 p.m., 78 views

CVE-2011-1486

libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.

3.3 CVSS, 6.3 AI score, 0.00859 EPSS

added 2016/05/25 3:59 p.m., 78 views

CVE-2014-3672

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

6.5 CVSS, 5.6 AI score, 0.00033 EPSS

added 2013/09/30 9:55 p.m., 77 views

CVE-2013-4296

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC ca...

4 CVSS, 7.6 AI score, 0.03294 EPSS

added 2014/08/03 6:55 p.m., 77 views

CVE-2014-5177

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, ...

1.2 CVSS, 7.8 AI score, 0.00114 EPSS

added 2014/12/19 3:59 p.m., 77 views

CVE-2014-8136

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.

2.1 CVSS, 7.1 AI score, 0.00131 EPSS

added 2014/11/13 9:32 p.m., 76 views

CVE-2014-7823

The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.

5 CVSS, 8.3 AI score, 0.00531 EPSS

added 2021/05/27 7:15 p.m., 76 views

CVE-2020-10701

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this fl...

6.5 CVSS, 6.2 AI score, 0.0025 EPSS

added 2015/01/29 3:59 p.m., 75 views

CVE-2015-0236

libvirt before 1.2.12 allows remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

3.5 CVSS, 5.9 AI score, 0.00423 EPSS

added 2014/01/24 6:55 p.m., 73 views

CVE-2014-1447

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.

3.3 CVSS, 8 AI score, 0.06277 EPSS

added 2021/05/24 12:15 p.m., 70 views

CVE-2021-3559

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt dae...

6.5 CVSS, 6.4 AI score, 0.00368 EPSS

added 2016/04/14 3:59 p.m., 69 views

CVE-2011-4600

The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.

5.9 CVSS, 5.6 AI score, 0.00351 EPSS

added 2013/05/29 12:55 a.m., 69 views

CVE-2013-1962

The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."

5 CVSS, 6.2 AI score, 0.03779 EPSS

added 2014/04/15 11:55 p.m., 69 views

CVE-2013-6456

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /de...

5.8 CVSS, 6.3 AI score, 0.00245 EPSS

added 2011/08/10 8:55 p.m., 68 views

CVE-2011-2178

The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary fi...

4.4 CVSS, 6.4 AI score, 0.00084 EPSS

added 2012/11/19 12:10 p.m., 67 views

CVE-2012-4423

The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.

5 CVSS, 6.3 AI score, 0.0287 EPSS

Total number of security vulnerabilities: 73